Using technology from Path Intelligence, major malls and retailers are …

Online retailers have long gathered behavioral metrics about how customers shop, tracking their movements through e-shopping pages and using data to make targeted offers based on user profiles. Retailers in meat-space have had tried to replicate that with frequent shopper offers, store credit cards, and other ways to get shoppers to voluntarily give up data on their behavior, but these efforts have lacked the sort of data capacity provided by anonymous store browsers—at least until now. This holiday season, shopping malls in the US have started collecting data about shoppers by tracking the closest thing to "cookies" human beings carry—their cell phones.

The technology, from Portsmouth, England based Path Intelligence, is called Footpath. It uses monitoring units distributed throughout a mall or retail environment to sense the movement of customers by triangulation, using the strength of their cell phone signals. That data is collected and run through analytics by Path, and provided back to retailers through a secure website.

On March 31, Path CEO Sharon Biggar presented the tech at the ICSC Fusion conference in Los Angeles. She discussed how data collected by Footpath could be used by retailers to boost revenue. Options include tracking response to mailers and other advertising by providing the equivalent of web metrics like unique visitors, "page impressions" (measuring how many people walked past a display or advertisement), and "click-through" (determining how many people who passed an advertisement then visited the store associated with it). "Now we can produce heat maps of the mall and show advertisers where the premium locations are for their adverts," she said, "and perhaps more importantly we can price the advertising differently at each location."

In the US, Footpath is being trailed in two malls by Forest City, a mall real estate company that owns malls and shopping centers nationwide. Promenade Temecula in Temecula, California, and Short Pump Town Center in Richmond, Virginia are the sites of choice; the trial starts today, and will run through New Years. In a written statement, Forest City's spokesperson Lindsey Cottone said that Forest City was being "totally transparent" about the trial, posting signage to "inform customers that the survey is taking place."

Forest City's senior vice president of marketing, Jane Lisey, emphasized that the company was not collecting personally identifiable information about shoppers from their phones, and that customers' phone numbers and other information were protected by their wireless carriers. "Before agreeing to test this technology it was essential to determine and guarantee that the personal information of our shoppers would be completely anonymous to all parties," she said.

While Footpath uses only the signal fingerprint of the phone, it does give a fairly accurate record of where the phone has travelled through a mall. According to the editor of trade site Storefront Backtalk, Evan Schuman, the data can be paired with other sources of data, including surveillance video and point-of-sale transaction information. If they went this route, retailers would get a very detailed profile of who's carrying each phone.

"Some malls are even using facial recognition software," Schuman told Ars Technica in a phone interview, with the primary purpose of "loss prevention"—identifying shoplifters. But that data, he said, could be tied to location data to be turned into customer relationship management data. Mall operators could then theoretically sell data to retailers, alerting them when big-ticket shoppers were approaching so that they could be given personalized service.

There's just one problem with this type of detailed tracking: it's technically illegal, according to Mark Rasch, the director of cybersecurity at CSC. Thanks to court interpretations of provisions in the USA PATRIOT Act, he said in a recent blog, devices that measure cell phones' signal strength could be considered to be "pen registers"—monitoring devices that require a warrant.

"Although this mall technology might not identify specific individuals, it raises a bunch of privacy red flags," he wrote. "First, the instant the consumer identifies himself or herself anywhere in the mall (say, by using a credit or debit card to buy something), it is a trivial task to cross reference the cell phone data with the payment data and realize that the person hanging around outside the Victoria’s Secret dressing room was your 70-year-old neighbor."

That's more information than many consumers are interested in divulging. So far, however, there's been no sign that the legality of the service will be tested in court. And retailers could conceivably use the same justification for the technology that they use for facial recognition software: "loss prevention." In many jurisdictions, real estate owners are given wide latitudes about what they monitor on their own premises.

195 Reader Comments

"Although this mall technology might not identify specific individuals, it raises a bunch of privacy red flags," he wrote. "First, the instant the consumer identifies himself or herself anywhere in the mall (say, by using a credit or debit card to buy something), it is a trivial task to cross reference the cell phone data with the payment data and realize that the person hanging around outside the Victoria’s Secret dressing room was your 70-year-old neighbor."

All of this from signal strength?! The real magic is in how they can cross reference your debit card with your signal strength to track you.

Based on their description of a "heat map", it doesn't sound like they can track anything except the concentration of customers in different parts of the store. This is nothing like a "cookie". These is no unique data, not even anonymous unique data.

You missed this part:

"While Footpath uses only the signal fingerprint of the phone, it does give a fairly accurate record of where the phone has travelled through a mall. According to the editor of trade site Storefront Backtalk, Evan Schuman, the data can be paired with other sources of data, including surveillance video and point-of-sale transaction information. If they went this route, retailers would get a very detailed profile of who's carrying each phone"

Come on people. This is no worse than cookies on your web browser, or attaching usage data to your IP address. Personally, I really don't give a **** if they monitor where I go (the mall's plain clothes security has been doing this for years). If it leads to the mall putting Radio Shack, Electronics Boutique, and Willis Music closer to the entrance, I'm all for it. If the government uses it, that's good too - that way they know where I am if I suddenly die in a freak accident and my family will be notified all the sooner.

Go ahead tell me I'm a hopeless optimist, tell me I have my head stuck up my um... other end. I really don't care. I draw my line at implanting a transceiver somewhere in my body.

Verizon, my sons carrier, and my own carrier CSpire, tell me that if the "Location On" feature is enabled it allows "authorized" applications other than 911 services to determine a cell phone location, and that "911 only" mode only allows 911 to locate the phone if a call is placed to 911. They also stated that because the "Location On" option is enabled it does not turn the cell phone into a location beacon that is traceable simply because the phone is turned on.

So i'm guessing the location determination of this mall cell phone tracking is based upon the "Location On" setting being enabled in the phone options, and the data comes from authorized applications. So are the carriers supplying an authorized application capability or is this method exploting the "Location on" option in an unauthorized manner?

So, maybe switching the phone option to "911 only" will keep this new method from tracking the cell phone?

Location mode allows the phone to use triangulation via the cell towers. This is all secure data, so the store will not have access to it.

"Location On" just means any apps that you have installed may use the GPS feature within the phone. It does not broadcast this info. When you dial 911, it sends your GPS data along with the call.

Jack_o pointed out the "signal finger print". I would like to know more about this "finger print". Does this only work with GSM and not CDMA? Do all advanced digital radio devices have a "finger print"? Is this finger print not actually your signal, but how your signal pulses when your apps communicate, so maybe only a smartphone issue?

I have no idea how they could track this with a CDMA phone. Maybe this will push more people to use CDMA, just because of better privacy.. assuming it's "immune" to these "fingerprints".

This thread has great information on shopping. A friend of mine told me about this cool app that allows you to get instant feedback from your Facebook friends on whether you should buy something or not (for themselves or as a gift). Here's the link - I think the app is coming out around Black Friday but you can sign up now:

Verizon, my sons carrier, and my own carrier CSpire, tell me that if the "Location On" feature is enabled it allows "authorized" applications other than 911 services to determine a cell phone location, and that "911 only" mode only allows 911 to locate the phone if a call is placed to 911. They also stated that because the "Location On" option is enabled it does not turn the cell phone into a location beacon that is traceable simply because the phone is turned on.

So i'm guessing the location determination of this mall cell phone tracking is based upon the "Location On" setting being enabled in the phone options, and the data comes from authorized applications. So are the carriers supplying an authorized application capability or is this method exploting the "Location on" option in an unauthorized manner?

So, maybe switching the phone option to "911 only" will keep this new method from tracking the cell phone?

No. This mall story had nothing to do with GPS, and this nothing at all to do with the Location On setting. The "authorized application" your carrier was taking about isn't a normal app like you can launch yourself - they are just saying the carrier can send a location request to your phone in emergency situations and your phone will reply with the GPS coordinates.

This mall thing is simply about the normal cellular signals that the phone and network exchange while the phone is idle. Nothing to even worry about, but if you really want to freak about it anyway you have to turn your phone off to avoid it.

Is it legal to do this with wifi and bluetooth but not 3G/edge ?Could do the same as the wifi by using femto cells.

If this is illegal why is it legal for carriers to sell information gathered in the same way via their mobile phone base stations about vehicle traffic , pedestrian traffic(to cities and urban planning/construction companies) etc

Does the museum do this automatically or do you have to request this automated tour guide? Also you can opt out by not using their wifi... the mall gives you no such options.

Let me walk into this mall. The first place I would head for is straight for the mall manager's office to inform them that I would be filing a lawsuit against their management company for violating my privacy by tracking my mobile phone.

Since they are NOT a law enforcement agency, not homeland security and they don't have a warrant, I would sue them for everything they've got.

This would surely be abused. What happens when an employee of the mall decided to track the spending habits of a customer and then they decide to "rob" that customer when they headed into a parking structure? Not to mention that it's illegal for this shopping mall to track their customers. They don't have the right to do that.

Even in America, you have to have laws and things on your side before you sue people. One cannot simply walk around suing everyone for "everything they've got" just because he or she feels wronged in some way.

Shocking, I know.

No. You can start a suit against anyone, regardless of the legality. Whether or not you can win the case, or if it is thrown out by the judge, is another issue.

Verizon, my sons carrier, and my own carrier CSpire, tell me that if the "Location On" feature is enabled it allows "authorized" applications other than 911 services to determine a cell phone location, and that "911 only" mode only allows 911 to locate the phone if a call is placed to 911. They also stated that because the "Location On" option is enabled it does not turn the cell phone into a location beacon that is traceable simply because the phone is turned on.

So i'm guessing the location determination of this mall cell phone tracking is based upon the "Location On" setting being enabled in the phone options, and the data comes from authorized applications. So are the carriers supplying an authorized application capability or is this method exploting the "Location on" option in an unauthorized manner?

So, maybe switching the phone option to "911 only" will keep this new method from tracking the cell phone?

No. This mall story had nothing to do with GPS, and this nothing at all to do with the Location On setting. The "authorized application" your carrier was taking about isn't a normal app like you can launch yourself - they are just saying the carrier can send a location request to your phone in emergency situations and your phone will reply with the GPS coordinates.

This mall thing is simply about the normal cellular signals that the phone and network exchange while the phone is idle. Nothing to even worry about, but if you really want to freak about it anyway you have to turn your phone off to avoid it.

I'm not talking about GPS, I was talking about cell tower triangulation which occurs normally if the phone is turned on even if not being used at the time. According to Verizon and CSpire, cell phones triangulate via cell towers also and there is a periodic signal from the phone that keeps in touch with the closest cell tower ("pings" the tower is what one guy told me). However, they also said that if the "Location On" option is enabled it does not turn the cell phone into a location beacon that is traceable simply because the phone is turned on, but thats based upon having an authorized application to track the phone. So it makes me wonder if this mall cell phone location thing is some how using that periodic "ping" signal in some way.

The mall story doesn't mention GPS, it just says signal, and GPS is not mentioned on the Path Intelligence web site. For FootPath it says this on the Path Intelligence web site:

"The Path Intelligence FootPath system consists of a small number of discreet monitoring units installed throughout the centre. These units calculate the movement of consumers without requiring the shopper to wear or carry any special equipment. The units measure signals from the consumers' mobile phones using unique technology that can locate a consumer's position to within a few metres. These units feed this data (24 hours a day 7 days a week) to a processing centre, where the data is audited and sophisticated statistical analysis is applied to create continuously updated information on the flow of shoppers throughout the centre. At any time the shopping centre management can access the data via PI's secure web-based reporting system.

The FootPath technology is the only system available on the market today that can gather information on shopper paths continuously and accurately. FootPath can be installed in one centre or across a portfolio, providing you with quantifiable information to help you monitor your centre and assess the impact of your business decisions."

So, I already know that the cell phone "pings" a cell tower every once and a while when its turned on from speaking with Verizon and CSpire without having to be used for calls or anything, so i'm guessing the FootPath thing uses this same signal to track specific phones ("The units measure signals from the consumers' mobile phones using unique technology that can locate a consumer's position to within a few metres") because they can track a certain phone to within a few meters, so there is something unique that identifies a specific phone they are able to capture and i'm betting its the signal a cell phone normally sends to a cell tower (if its true that they do periodically "ping" a cell tower) as that would identify a specific phone because without identifying a specific phone how can they know what they are tracking to within a few meters?

At any rate, it seems they are able to identify and track a specific phone, so there is something unique in the signal they capture which lets them do this (I asume). If they can track a speciifc phone appearing in a mall, then if that phone appears in a non-mall shopping place, or other places of business, or any place, that also has access to the FootPath data they will know when that phone appears in their zone of coverage, thus a specific cell phone can be tracked, and if the person ever makes a purchase with a credit or debit card then their name is exposed, and put together with that specific cell phone the system is then able to track a specific individual - this does not sound good that specific individuals can be identified (even though in a round about way) by simply having a cell phone. They end up with the cell phone as the tracked device, coupled with a persons name, coupled with a credit or debit card number, and thus a person is tracked via personally identifiable information. (just guessing)

Verizon, my sons carrier, and my own carrier CSpire, tell me that if the "Location On" feature is enabled it allows "authorized" applications other than 911 services to determine a cell phone location, and that "911 only" mode only allows 911 to locate the phone if a call is placed to 911. They also stated that because the "Location On" option is enabled it does not turn the cell phone into a location beacon that is traceable simply because the phone is turned on.

So i'm guessing the location determination of this mall cell phone tracking is based upon the "Location On" setting being enabled in the phone options, and the data comes from authorized applications. So are the carriers supplying an authorized application capability or is this method exploting the "Location on" option in an unauthorized manner?

So, maybe switching the phone option to "911 only" will keep this new method from tracking the cell phone?

No. This mall story had nothing to do with GPS, and this nothing at all to do with the Location On setting. The "authorized application" your carrier was taking about isn't a normal app like you can launch yourself - they are just saying the carrier can send a location request to your phone in emergency situations and your phone will reply with the GPS coordinates.

This mall thing is simply about the normal cellular signals that the phone and network exchange while the phone is idle. Nothing to even worry about, but if you really want to freak about it anyway you have to turn your phone off to avoid it.

I'm not talking about GPS, I was talking about cell tower triangulation which occurs normally if the phone is turned on even if not being used at the time. According to Verizon and CSpire, cell phones triangulate via cell towers also and there is a periodic signal from the phone that keeps in touch with the closest cell tower ("pings" the tower is what one guy told me). So its GPS. However, they also said that if the "Location On" option is enabled it does not turn the cell phone into a location beacon that is traceable simply because the phone is turned on, but thats based upon having an authorized application to track the phone. So it makes me wonder if this mall cell phone location thing is some how using that periodic "ping" signal in some way.

The mall story doesn't mention GPS, it just says signal, and GPS is not mentioned on the Path Intelligence web site. For FootPath it says this on the Path Intelligence web site:

"The Path Intelligence FootPath system consists of a small number of discreet monitoring units installed throughout the centre. These units calculate the movement of consumers without requiring the shopper to wear or carry any special equipment. The units measure signals from the consumers' mobile phones using unique technology that can locate a consumer's position to within a few metres. These units feed this data (24 hours a day 7 days a week) to a processing centre, where the data is audited and sophisticated statistical analysis is applied to create continuously updated information on the flow of shoppers throughout the centre. At any time the shopping centre management can access the data via PI's secure web-based reporting system.

The FootPath technology is the only system available on the market today that can gather information on shopper paths continuously and accurately. FootPath can be installed in one centre or across a portfolio, providing you with quantifiable information to help you monitor your centre and assess the impact of your business decisions."

So, I already know that the cell phone "pings" a cell tower every once and a while when its turned on from speaking with Verizon and CSpire without having to be used for calls or anything, so i'm guessing the FootPath thing uses this same signal to track specific phones ("The units measure signals from the consumers' mobile phones using unique technology that can locate a consumer's position to within a few metres") because they can track a certain phone to within a few meters, so there is something unique that identifies a specific phone they are able to capture and i'm betting its the signal a cell phone normally sends to a cell tower (if its true that they do periodically "ping" a cell tower) when its inactive as that would identify a specific phone because without identifying a specific phone how can they know what they are tracking to within a few meters? At any rate, they are able to identify and track a specific phone, so there is something unique in the signal they capture which lets them do this.

In a way it could be the uniqueness of the signal, but not the way most would think. The uniqueness could come from the fact that most devices manufactured have a collection of tolerances* that can add up to deviations that are unique for a given device.

*There are other sources. Different implementations of a standard can manifest as well.

Verizon, my sons carrier, and my own carrier CSpire, tell me that if the "Location On" feature is enabled it allows "authorized" applications other than 911 services to determine a cell phone location, and that "911 only" mode only allows 911 to locate the phone if a call is placed to 911. They also stated that because the "Location On" option is enabled it does not turn the cell phone into a location beacon that is traceable simply because the phone is turned on.

So i'm guessing the location determination of this mall cell phone tracking is based upon the "Location On" setting being enabled in the phone options, and the data comes from authorized applications. So are the carriers supplying an authorized application capability or is this method exploting the "Location on" option in an unauthorized manner?

So, maybe switching the phone option to "911 only" will keep this new method from tracking the cell phone?

No. This mall story had nothing to do with GPS, and this nothing at all to do with the Location On setting. The "authorized application" your carrier was taking about isn't a normal app like you can launch yourself - they are just saying the carrier can send a location request to your phone in emergency situations and your phone will reply with the GPS coordinates.

This mall thing is simply about the normal cellular signals that the phone and network exchange while the phone is idle. Nothing to even worry about, but if you really want to freak about it anyway you have to turn your phone off to avoid it.

I'm not talking about GPS, I was talking about cell tower triangulation which occurs normally if the phone is turned on even if not being used at the time. According to Verizon and CSpire, cell phones triangulate via cell towers also and there is a periodic signal from the phone that keeps in touch with the closest cell tower ("pings" the tower is what one guy told me). So its GPS. However, they also said that if the "Location On" option is enabled it does not turn the cell phone into a location beacon that is traceable simply because the phone is turned on, but thats based upon having an authorized application to track the phone. So it makes me wonder if this mall cell phone location thing is some how using that periodic "ping" signal in some way.

The mall story doesn't mention GPS, it just says signal, and GPS is not mentioned on the Path Intelligence web site. For FootPath it says this on the Path Intelligence web site:

"The Path Intelligence FootPath system consists of a small number of discreet monitoring units installed throughout the centre. These units calculate the movement of consumers without requiring the shopper to wear or carry any special equipment. The units measure signals from the consumers' mobile phones using unique technology that can locate a consumer's position to within a few metres. These units feed this data (24 hours a day 7 days a week) to a processing centre, where the data is audited and sophisticated statistical analysis is applied to create continuously updated information on the flow of shoppers throughout the centre. At any time the shopping centre management can access the data via PI's secure web-based reporting system.

The FootPath technology is the only system available on the market today that can gather information on shopper paths continuously and accurately. FootPath can be installed in one centre or across a portfolio, providing you with quantifiable information to help you monitor your centre and assess the impact of your business decisions."

So, I already know that the cell phone "pings" a cell tower every once and a while when its turned on from speaking with Verizon and CSpire without having to be used for calls or anything, so i'm guessing the FootPath thing uses this same signal to track specific phones ("The units measure signals from the consumers' mobile phones using unique technology that can locate a consumer's position to within a few metres") because they can track a certain phone to within a few meters, so there is something unique that identifies a specific phone they are able to capture and i'm betting its the signal a cell phone normally sends to a cell tower (if its true that they do periodically "ping" a cell tower) when its inactive as that would identify a specific phone because without identifying a specific phone how can they know what they are tracking to within a few meters? At any rate, they are able to identify and track a specific phone, so there is something unique in the signal they capture which lets them do this.

In a way it could be the uniqueness of the signal, but not the way most would think. The uniqueness could come from the fact that most devices manufactured have a collection of tolerances* that can add up to deviations that are unique for a given device.

*There are other sources. Different implementations of a standard can manifest as well.

Well, thats a thought too. At any rate, the signal they track would need to be unique in someway so they can track a certain phone to within a few meters.

We already know what they are thinking:

"Mall operators could then theoretically sell data to retailers, alerting them when big-ticket shoppers were approaching so that they could be given personalized service."

"...retailers would get a very detailed profile of who's carrying each phone"

Those ideas came from somewhere, and Path Intelligence says their FootPath system can track a specific phone to within a few meters, so yeah, I already know where this is going and i'll bet before long it just will not be as anonymous as they say it is now and personal identifying data is tied to your cell phone and probably not long from there when the abuses begin.

Argue all you want, it doesn't change the fact that tracking someone's movements on your property through their cell phone is illegal.

You guys are making the assumption that the mall has the right to do this. Well, they don't. They have the right to watch you on closed circuit television, they can follow you through their property but they can NOT use your cell phone signals or data to track your movements. Not only would this violate the terms of service of the cell phone company but that it's considered a violation of Federal law. Dress it up all you want, it is still against the law because they are using the frequency of your cell phone to track your movement through their property without a valid search warrant. Since they are not law enforcement, they have no legal basis to track your movements.

I "might" be able to see your point with some of this, but how does this violate the TOS of the phone companys? From reading the article, Footpath is using it's own equipment to track the cell phones, and therefore has no TOS with the Phone Companys to violate. Now if they were renting the equipment from the DCell companys, then I could see a TOS violation.

I don't have any mobile electronics. Would this scanning only pick up cell phones or would it also pickup other wireless devices like laptops, etc?

Can such mobile devices or other devices emit false signals to confuse or disrupt tracking?

The article makes it sound like it is only for tracking Cell Signals. Of course if you have 3G/4G in your laptop/Kindle/Nook/Game Systems, it would track this also. Anything with a cellular signal. I wouldn't be surprised if similar technology is being used to track wifi signals.

Just what we need, more piles of data in the hands of greedy corporate bastards that spend next to nothing securing this information. How long before someone finds your movement history to be worhty of lulz?

1) Are you making a slippery slope argument?2) What is the marketplace advantage to being able to track them by camera? I understand the advantage to have detailed, anonymous data in marketing to be able to have heat maps and other analytics at your fingertips, but tracking them by camera would have very marginal benefits, if any.

I was referring to the ability of law enforcement people to use cell phone tracking data to locate, identify, and track people on surveillance cameras.

Im still waiting for someone to post the law that says its illegal to receive EM signals not meant for you. Which is patently absurd. Now decoding EM signals not meant for you is another story.

They are not decoding the Cell phone signal just triangulating the signal output, at best they have the physical SID of the phone which is worthless. other than telling who the manufacturer of the phone is.

And yes, this should be illegal and challenged in court. Once my mall tries it I'm going to take them straight to court.

On what legal theory? You're carrying an electromagnetic transmitter in your pocket. On what legal grounds can you complain about someone else observing your EM emissions? Especially when you are on their premises?

How about the FCC regulation that prohibits disclosing any part of an intercepted radio transmission. Under that rule, cell phone tracking is probably illegal.

1. All phones have a id code, as well as a customer id code (either stored on phone or SIM for the later).

2. this is used to make sure that the call gets to the right phone.

3. phones keep a continual watch on what cell towers are nearby and tells the one with the best signal at any one time to be the tower to handle any calls or similar to said phone.

4. for a phone to enable the speakerphone mic, or transmit gps without the owners knowledge, would require either a chip that is independent of the firmware and tying the required hardware together, or custom code in the firmware itself. The latter is questionable at least on Android, as there has yet to be a downright ban on custom firmwares.

The SECOND my local mall implements this, I will walk into the mall manager's office, file a formal, written complaint, expressing my desire to shop and NOT be tracked by my phone, and informing them that I will be conducting all of my business online until they get rid of this horrible system! I will bet, if 10,000 or 20,000 people did the same thing, these tracking systems would quickly disappear!

The SECOND my local mall implements this, I will walk into the mall manager's office, file a formal, written complaint, expressing my desire to shop and NOT be tracked by my phone, and informing them that I will be conducting all of my business online until they get rid of this horrible system! I will bet, if 10,000 or 20,000 people did the same thing, these tracking systems would quickly disappear!

Yeah, just like how people all pledge not to buy the next FPS "upgrade" because all it adds are skins. This is 2011; people can't be expected to remember things like honoring vows.

I think most people here are going overboard when they think of how fingerprinting a mobile device is done.

"Fingerprinting" a RF device can also be looking at how the transmitter keys up. I saw a device several years ago at a radio convention that displayed what the RF module in the radio did the moment power was applied to it on a certain frequency, something like a spectrum analyzer but would hold the display for the first few milliseconds of a transmitter initial key-up.

The vendor stated that every RF device has a unique fingerprint (pattern) on how it radiates RF when it is turned on. Changing this pattern in your phone would probably require you to replace the RF module or amplifier....good luck with that!

Taking this theory to the mall, I can see how this could be used regardless of what flavor of system the phones were on as it would go well beyond any real digital data and rely on the characteristics of each unique RF device. Monitoring this is totally transparent and passive.

The comparator device with multiple receivers being able to triangulate location would be easy to setup, then monitoring the air for each phone doing its usual ping to the tower over a broad frequency range would be able to discern a unique devices location. Obviously GSM, CDMA, and TDMA bands would be monitored.

Wonder if they are doing this already with WiFi devices? Same technology, but with MAC ID's out in public view, it would be much simpler.

But without knowing just how this device in the malls work, kinda leaves the debate open.

Suggestion: Use two-way radios in the mall to keep track of the kiddies, and leave the cell in the car.

BTW: Nice looking phoney camera if I ever saw one, especially with the replacement beehive turn signal lens on the bottom and telephoto 'lenses' watching out for the bad guys. Somewhat reminds me of the interrogation droid from "Star Wars"

Scary news for everybody: that little gold square that has recently appeared on bank and credit cards is an RFID chip. This is a microcircuit that responds to radio-frequency signals with a rebroadcast of information encoded on it, in the case of bank cards, with your account information including your sign-on code or password.

The Bad Guys can and now do broadcast the appropriate enquiries, and pick your information out of the air. RF-proof wallets are coming on the market, and they're probably a good investment. Failing that, a piece of aluminum foil in the back of your wallet is probably a good idea: it doesn't have to work perfectly; it just has to make your wallet's reply signal less clear than that of the person next to you.

Scary news for everybody: that little gold square that has recently appeared on bank and credit cards is an RFID chip. This is a microcircuit that responds to radio-frequency signals with a rebroadcast of information encoded on it, in the case of bank cards, with your account information including your sign-on code or password.

The Bad Guys can and now do broadcast the appropriate enquiries, and pick your information out of the air. RF-proof wallets are coming on the market, and they're probably a good investment. Failing that, a piece of aluminum foil in the back of your wallet is probably a good idea: it doesn't have to work perfectly; it just has to make your wallet's reply signal less clear than that of the person next to you.

-dlj.

Don't be an idiot. Did you really think no one has considered the security implications of having RFID in consumer cards like that? First, they do not transmit the information you're talking about. It doesn't even make sense - do you also think your credit card magnetic strip has the password to log into your bank account online? Use common sense before writing nonsense.

Some account information is exchanged, but it is done only over an encrypted channel, and only at a max range of about 4 inches. It is silly to be worried about this.

Fool, read what I wrote: RFID chips broadcast information in response to a prompting signal. They do not originate broadcasts on their own.

Four inches is plenty: you brush up against any number of objects in a day, and some of them contain RFID enquiry transmitters run by people who scam credit cards. Profitably, for them. Unprofitably for banks and eventually for the public. And a great deal of time and trouble for the people who get scammed.

But have it your own way, and believe your own puffery. I'll be happy if you're one of the people scammed by these folks.

Fool, read what I wrote: RFID chips broadcast information in response to a prompting signal. They do not originate broadcasts on their own.

Four inches is plenty: you brush up against any number of objects in a day, and some of them contain RFID enquiry transmitters run by people who scam credit cards. Profitably, for them. Unprofitably for banks and eventually for the public. And a great deal of time and trouble for the people who get scammed.

But have it your own way, and believe your own puffery. I'll be happy if you're one of the people scammed by these folks.

-dlj.

Do a little research. It isn't my opinion I'm sharing but the conclusion of third parties looking into the very issue you are concerned about. Here is another article.

The article you mention confirms what I wrote, that RFID chips contents can be copied by black hats, and makes the very weak claim that encryption has improved -- uh, by comparison with that on mag stripes on cards. This is pretty irrelevant: nobody wants to read the information. They simply want to copy it onto another chip and use that to withdraw your money.

Thank you. I have no idea what thrill you get out of denying the existence of a crime that is now widespread. But keep on practising.